Validate · Enforce · Trust
Bank Data Sharing — Requirements v2.1
The validation rules that apply to Bank Data Sharing. The Validated by column on each table indicates where each rule is enforced. Read alongside the Consent requirements and the User Journeys.
All requests require an active Trust Framework application with the BDSP role, a valid transport certificate presented on every request via mTLS, and an active signing key for JWT signing.
01 Endpoint: Consent Creation
POST /par

# | Field | Rule | Validated by
1 | Request JWT | Must conform to the Request JWT requirements: correct aud, signing algorithm (PS256), and expiry window. | API Hub
2 | client_assertion | Must be included in the POST body (client_assertion_type: urn:ietf:params:oauth:client-assertion-type:jwt-bearer). Authenticates the TPP application — see Client Assertion. | API Hub
3 | scope (in Request JWT) | Must be accounts openid. | API Hub
4 | authorization_details[0].type (in Request JWT) | Must be urn:openfinanceuae:account-access-consent:v2.1. | API Hub
5 | API version supported | The consent version in authorization_details[0].type (e.g. urn:openfinanceuae:account-access-consent:v2.1) restricts the version of the Account Information endpoints the consent can be used to call (specified in the path, e.g. /open-finance/v2.1/accounts). It MUST resolve to an ApiVersion the LFI has published in the Trust Framework for the Account Information API family. | LFI (/consent/action/validate)
6 | OpenAPI schema | The request must conform exactly to the POST /par OpenAPI schema. No additional or undocumented parameters are permitted. | API Hub
7 | consent.AccountType | Must be a value supported by the LFI. Supported account types are discoverable via the AccountTypes flag on the LFI's authorisation server entry in the Trust Framework. | LFI (/consent/action/validate)
8 | consent.AccountSubType | If provided, each value must be a sub-type supported by the LFI. Supported sub-types are discoverable via the AccountSubTypes metadata on the LFI's authorisation server entry in the Trust Framework. | LFI (/consent/action/validate)
9 | consent.Permissions | If any of ReadBalances, ReadBeneficiariesBasic, ReadBeneficiariesDetail, ReadTransactionsBasic, ReadTransactionsDetail, ReadProduct, ReadScheduledPaymentsBasic, ReadScheduledPaymentsDetail, ReadDirectDebits, ReadStandingOrdersBasic, ReadStandingOrdersDetail, ReadStatements, or ReadProductFinanceRates are included, at least one of ReadAccountsBasic or ReadAccountsDetail must also be present. | API Hub
10 | consent.Permissions — ReadProductFinanceRates | ReadProductFinanceRates MUST only be requested by TPPs that hold the Access Encrypted Resource Data optional certification with Nebras. An uncertified TPP MUST NOT include this permission in authorization_details; if it does, the API Hub rejects the consent. Only certified TPPs are permitted to receive product finance rates, whether the LFI returns them in cleartext or as an encrypted JWE. | API Hub
11 | consent.Permissions (unsupported) | If the provided Permissions include permissions not supported by the LFI (e.g. the LFI does not have the endpoint /accounts/{AccountId}/standing-orders published to the Trust Framework yet the consent request includes ReadStandingOrdersBasic or ReadStandingOrdersDetail), the consent validation will fail. | LFI (/consent/action/validate)
12 | consent.BaseConsentId | If provided, must reference a previous consent belonging to the same end user. If the original consent in the chain already had a BaseConsentId, the TPP must reuse that same BaseConsentId rather than the immediate prior ConsentId. | LFI (/consent/action/validate)
13 | consent.ExpirationDateTime | Must not be in the past. Must be less than one year in the future. | API Hub
14 | x-fapi-interaction-id | Should be included. Should be a valid UUID (RFC 4122). An invalid value will not cause a failure but tracing will not be possible. | N/A
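The API Hub and LFI checks in the table above, applied to the claims of a consent request before the TPP signs it and sends it to POST /par, as an added example for this page (not Nebras, API Hub or LFI code). The LFI_PROFILE dict standing in for the LFI's Trust Framework entry, the Retail/Corporate AccountType values, the permission-to-endpoint mapping behind rule 11 (the page only spells out the standing-orders case) and the fixed clock are assumptions made for the example.

```python
"""Pre-flight checks a TPP can run on consent-request claims before calling POST /par.

Added example for this page, not Nebras, API Hub or LFI code. The LFI profile and the
permission-to-endpoint mapping are assumed shapes built for the example.
"""
import re
from datetime import datetime, timedelta, timezone

CONSENT_TYPE_RE = re.compile(r"^urn:openfinanceuae:account-access-consent:(v\d+\.\d+)$")
ACCOUNT_PERMISSIONS = {"ReadAccountsBasic", "ReadAccountsDetail"}
# Rule 11: the LFI endpoint each permission depends on (assumed mapping).
PERMISSION_ENDPOINT = {perm: f"/accounts/{{AccountId}}/{path}" for path, perms in [
    ("balances", ["ReadBalances"]),
    ("beneficiaries", ["ReadBeneficiariesBasic", "ReadBeneficiariesDetail"]),
    ("direct-debits", ["ReadDirectDebits"]),
    ("product", ["ReadProduct", "ReadProductFinanceRates"]),
    ("scheduled-payments", ["ReadScheduledPaymentsBasic", "ReadScheduledPaymentsDetail"]),
    ("standing-orders", ["ReadStandingOrdersBasic", "ReadStandingOrdersDetail"]),
    ("statements", ["ReadStatements"]),
    ("transactions", ["ReadTransactionsBasic", "ReadTransactionsDetail"]),
] for perm in perms}
# Rule 9 lists exactly these thirteen permissions as needing account-level access.
NEEDS_ACCOUNT_PERMISSION = set(PERMISSION_ENDPOINT)


def validate_consent_request(claims, lfi, tpp_certified, now):
    """Return the rule violations found in the Request JWT claims (empty list when clean)."""
    errors = []
    if claims.get("scope") != "accounts openid":
        errors.append("rule 3: scope must be 'accounts openid'")
    ad = (claims.get("authorization_details") or [{}])[0]
    match = CONSENT_TYPE_RE.match(ad.get("type", ""))
    if match is None:
        errors.append("rule 4: authorization_details[0].type is not an account-access-consent URN")
    elif match.group(1) not in lfi["ApiVersions"]:
        errors.append(f"rule 5: LFI has not published ApiVersion {match.group(1)}")
    consent = ad.get("consent", {})
    if consent.get("AccountType") not in lfi["AccountTypes"]:
        errors.append("rule 7: AccountType not supported by the LFI")
    for sub in consent.get("AccountSubType", []):
        if sub not in lfi["AccountSubTypes"]:
            errors.append(f"rule 8: AccountSubType {sub} not supported by the LFI")
    perms = set(consent.get("Permissions", []))
    if perms & NEEDS_ACCOUNT_PERMISSION and not perms & ACCOUNT_PERMISSIONS:
        errors.append("rule 9: ReadAccountsBasic or ReadAccountsDetail is required")
    if "ReadProductFinanceRates" in perms and not tpp_certified:
        errors.append("rule 10: ReadProductFinanceRates needs the Access Encrypted Resource Data certification")
    for perm in sorted(perms):
        endpoint = PERMISSION_ENDPOINT.get(perm)
        if endpoint and endpoint not in lfi["Endpoints"]:
            errors.append(f"rule 11: {perm} needs {endpoint}, which the LFI has not published")
    exp = consent.get("ExpirationDateTime")
    if exp:
        exp_dt = datetime.fromisoformat(exp.replace("Z", "+00:00"))
        if exp_dt.tzinfo is None:  # treat an offset-less value as UTC
            exp_dt = exp_dt.replace(tzinfo=timezone.utc)
        if exp_dt <= now:
            errors.append("rule 13: ExpirationDateTime is in the past")
        elif exp_dt >= now + timedelta(days=365):
            errors.append("rule 13: ExpirationDateTime must be less than one year ahead")
    return errors


def base_consent_id_for_renewal(prior_consent):
    """Rule 12: a renewal chains to the root of the chain, not to the immediate prior consent."""
    return prior_consent.get("BaseConsentId") or prior_consent["ConsentId"]


# Constructed fixtures: a fixed clock and an LFI Trust Framework entry that has not
# published the standing-orders endpoint.
NOW = datetime(2025, 3, 1, 12, 0, tzinfo=timezone.utc)
LFI_PROFILE = {
    "ApiVersions": {"v2.1"},
    "AccountTypes": {"Retail", "Corporate"},
    "AccountSubTypes": {"CurrentAccount", "Savings", "CreditCard"},
    "Endpoints": {"/accounts", "/accounts/{AccountId}", "/accounts/{AccountId}/balances",
                  "/accounts/{AccountId}/product", "/accounts/{AccountId}/transactions"},
}


def example_claims(permissions):
    """Claims of a constructed Request JWT (PS256 signing happens separately)."""
    return {"scope": "accounts openid", "authorization_details": [{
        "type": "urn:openfinanceuae:account-access-consent:v2.1",
        "consent": {"AccountType": "Retail", "AccountSubType": ["CurrentAccount"],
                    "Permissions": list(permissions),
                    "ExpirationDateTime": "2025-08-31T23:59:59Z"}}]}


if __name__ == "__main__":
    bad = example_claims(["ReadBalances", "ReadStandingOrdersBasic", "ReadProductFinanceRates"])
    for err in validate_consent_request(bad, LFI_PROFILE, False, NOW):
        print(err)
```

Running the block as a script prints three violations for the second request: rule 9 (no ReadAccounts* permission), rule 10 (uncertified TPP asking for ReadProductFinanceRates) and rule 11 (standing orders not published by the LFI). Rules 1, 2 and 6 (signature, client assertion, schema) need the signing key and the OpenAPI document and are out of scope for a claims-level check.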
03 Endpoint: List Accounts
GET /accounts

# | Field | Rule | Validated by
1 | Authorization | Must contain a valid Bearer access token issued with the accounts openid scope. The consent bound to the token must be in Authorized status and the ExpirationDateTime of the Consent must be in the future. | API Hub
2 | URL version | The version in the request URL path (e.g. v2.1 in /open-finance/account-information/v2.1/accounts) must match the version in the consent's authorization_details[0].type (urn:openfinanceuae:account-access-consent:v2.1). | API Hub
3 | consent.Permissions | The consent must include ReadAccountsBasic or ReadAccountsDetail. | API Hub
4 | x-fapi-interaction-id | Should be included. Should be a valid UUID (RFC 4122). An invalid value will not cause a failure but tracing will not be possible. | N/A
5 | x-fapi-auth-date | Must be sent when the customer is authenticated at the time of the call. Must be a valid HTTP-date (RFC 7231 IMF-fixdate), e.g. Tue, 11 Sep 2012 19:43:31 GMT. RFC 7231 requires the literal GMT suffix; a value ending in UTC is not a valid HTTP-date and strict parsers reject it. | TPP
6 | x-fapi-customer-ip-address | Must be sent when the customer is actively present at the time of the call. Must be a valid IPv4 or IPv6 address. | TPP
7 | x-customer-user-agent | Should be sent when the customer is actively present. Should reflect the user-agent of the customer's browser or device. | TPP
8 | AccountSubType | Supported for all account subtypes: CurrentAccount, Savings, CreditCard, Finance, Mortgage. | LFI
04 Endpoint: Get Account
GET /accounts/{AccountId}

# | Field | Rule | Validated by
1 | Authorization | Must contain a valid Bearer access token issued with the accounts openid scope. The consent bound to the token must be in Authorized status and the ExpirationDateTime of the Consent must be in the future. | API Hub
2 | URL version | The version in the request URL path must match the version in the consent's authorization_details[0].type. | API Hub
3 | consent.Permissions | The consent must include ReadAccountsBasic or ReadAccountsDetail. | API Hub
4 | AccountId | Must be a valid account ID shared by the customer — i.e. returned by GET /accounts under the same consent. See Account Access Validation for the response when the customer does not hold the account. | LFI
5 | x-fapi-interaction-id | Should be included. Should be a valid UUID (RFC 4122). An invalid value will not cause a failure but tracing will not be possible. | N/A
6 | x-fapi-auth-date | Must be sent when the customer is authenticated at the time of the call. Must be a valid HTTP-date (RFC 7231). | TPP
7 | x-fapi-customer-ip-address | Must be sent when the customer is actively present at the time of the call. Must be a valid IPv4 or IPv6 address. | TPP
8 | x-customer-user-agent | Should be sent when the customer is actively present. Should reflect the user-agent of the customer's browser or device. | TPP
9 | AccountSubType | Supported for all account subtypes: CurrentAccount, Savings, CreditCard, Finance, Mortgage. | LFI
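The per-request checks shared by every GET endpoint on this page (token bound to an Authorized, unexpired consent; URL version against the consent URN; the any-of permission set for the resource; the customer-context headers; the AccountId rule above; and the 403 responses from the Account Access Validation and Account Status Handling sections at the end of the page), combined into one gate as an added example. It is not API Hub or LFI code: the in-memory token, consent and account stores, the Decision shape and the wording of the non-403 rejection reasons are constructed for the example, since the page gives no status codes for those cases. Both path shapes shown on the page are accepted.

```python
"""Server-side gate for a Bank Data Sharing resource call (added example, not API Hub or
LFI code). Only the two 403 error codes come from the page; other rejections carry a
descriptive reason because the page does not state their HTTP status codes."""
import ipaddress
import re
from collections import namedtuple
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

Decision = namedtuple("Decision", "allowed error_code reason")
PERMANENT_FAIL = Decision(False, "Consent.PermanentAccountAccessFailure", "The account is permanently inaccessible.")
TEMP_BLOCKED = Decision(False, "Consent.AccountTemporarilyBlocked", "The account is temporarily blocked.")
URN_RE = re.compile(r"^urn:openfinanceuae:account-access-consent:(v\d+\.\d+)$")
PATH_RE = re.compile(r"^/open-finance/(?:account-information/)?(v\d+\.\d+)(/.+)$")
# Any one of the listed permissions satisfies the endpoint.
REQUIRED = {
    "/accounts": {"ReadAccountsBasic", "ReadAccountsDetail"},
    "/accounts/{AccountId}": {"ReadAccountsBasic", "ReadAccountsDetail"},
    "/accounts/{AccountId}/balances": {"ReadBalances"},
    "/accounts/{AccountId}/beneficiaries": {"ReadBeneficiariesBasic", "ReadBeneficiariesDetail"},
    "/accounts/{AccountId}/direct-debits": {"ReadDirectDebits"},
    "/accounts/{AccountId}/product": {"ReadProduct"},
    "/accounts/{AccountId}/scheduled-payments": {"ReadScheduledPaymentsBasic", "ReadScheduledPaymentsDetail"},
    "/accounts/{AccountId}/standing-orders": {"ReadStandingOrdersBasic", "ReadStandingOrdersDetail"},
    "/accounts/{AccountId}/transactions": {"ReadTransactionsBasic", "ReadTransactionsDetail"},
    "/accounts/{AccountId}/statements": {"ReadStatements"},
    "/accounts/{AccountId}/parties": {"ReadParty", "ReadPartyUser", "ReadPartyUserIdentity"},
    "/parties": {"ReadParty", "ReadPartyUser", "ReadPartyUserIdentity"},
}


def split_path(path):
    """(url_version, path_template, account_id) for a concrete request path."""
    m = PATH_RE.match(path)
    version, parts = (m.group(1), m.group(2).strip("/").split("/")) if m else (None, [""])
    if parts[0] == "accounts" and len(parts) > 1:
        return version, "/accounts/{AccountId}" + "".join("/" + p for p in parts[2:]), parts[1]
    return version, "/" + "/".join(parts), None


def header_errors(headers):
    """Checks on the customer-context headers; x-fapi-interaction-id only affects tracing."""
    errors = []
    auth_date = headers.get("x-fapi-auth-date")
    if auth_date is not None:
        try:
            parsedate_to_datetime(auth_date)
        except (TypeError, ValueError):
            errors.append("x-fapi-auth-date is not an RFC 7231 HTTP-date")
        else:
            if not auth_date.endswith(" GMT"):  # IMF-fixdate ends in the literal GMT
                errors.append("x-fapi-auth-date must use the GMT suffix")
    ip = headers.get("x-fapi-customer-ip-address")
    if ip is not None:
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            errors.append("x-fapi-customer-ip-address is not an IPv4 or IPv6 address")
        if auth_date is None:  # a present customer is an authenticated one
            errors.append("customer-present call is missing x-fapi-auth-date")
    return errors


def authorize(path, headers, tokens, consents, accounts, now):
    """Apply the checks in table order and return a Decision."""
    token = headers.get("authorization", "")
    consent = consents.get(tokens.get(token[7:] if token.startswith("Bearer ") else ""))
    if consent is None:
        return Decision(False, None, "no consent bound to the access token")
    if consent["Status"] != "Authorized" or consent["ExpirationDateTime"] <= now:
        return Decision(False, None, "consent is not Authorized or has expired")
    version, template, account_id = split_path(path)
    if template not in REQUIRED:
        return Decision(False, None, "unknown resource")
    if version != URN_RE.match(consent["Type"]).group(1):
        return Decision(False, None, "URL version does not match the consent version")
    if not REQUIRED[template] & set(consent["Permissions"]):
        return Decision(False, None, "consent lacks a permission for this resource")
    errors = header_errors(headers)
    if errors:
        return Decision(False, None, "; ".join(errors))
    if account_id is not None:  # Account Access Validation and Account Status Handling
        if account_id not in consent["SharedAccounts"] or accounts[account_id] in {"Unclaimed", "Deceased", "Closed"}:
            return PERMANENT_FAIL
        if accounts[account_id] == "Suspended":
            return TEMP_BLOCKED
    return Decision(True, None, "ok")


# Constructed fixtures.
NOW = datetime(2025, 3, 1, 12, 0, tzinfo=timezone.utc)
TOKENS = {"tok-1": "c-1"}
CONSENTS = {"c-1": {"Status": "Authorized", "Type": "urn:openfinanceuae:account-access-consent:v2.1",
                    "ExpirationDateTime": datetime(2025, 9, 1, tzinfo=timezone.utc),
                    "Permissions": {"ReadAccountsBasic", "ReadBalances"},
                    "SharedAccounts": {"acc-1", "acc-2", "acc-3"}}}
ACCOUNTS = {"acc-1": "Active", "acc-2": "Suspended", "acc-3": "Closed"}


def example_headers(auth_date="Tue, 11 Sep 2012 19:43:31 GMT"):
    """Headers of a constructed customer-present call."""
    return {"authorization": "Bearer tok-1", "x-fapi-auth-date": auth_date,
            "x-fapi-interaction-id": "2f0c4d1e-3b6a-4e8f-9c1d-7a5b6c8d9e0f",
            "x-fapi-customer-ip-address": "203.0.113.7", "x-customer-user-agent": "ExampleApp/1.0"}
```

The order of the checks matters for what an attacker learns: the consent and version checks run before the AccountId lookup, so an unshared or closed account is only reported (as the same permanent-failure code) to a caller who already holds a valid, correctly scoped consent.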
05 Endpoint: Get Balances
GET /accounts/{AccountId}/balances

# | Field | Rule | Validated by
1 | Authorization | Must contain a valid Bearer access token issued with the accounts openid scope. The consent bound to the token must be in Authorized status and not expired. | API Hub
2 | URL version | The version in the request URL path must match the consent version. | API Hub
3 | consent.Permissions | The consent must include ReadBalances. | API Hub
4 | AccountId | Must be a valid account ID shared by the customer — i.e. returned by GET /accounts under the same consent. See Account Access Validation for the response when the customer does not hold the account. | LFI
5 | x-fapi-interaction-id | Should be included. Should be a valid UUID (RFC 4122). | N/A
6 | x-fapi-auth-date | Must be sent when the customer is authenticated at the time of the call. | TPP
7 | x-fapi-customer-ip-address | Must be sent when the customer is actively present at the time of the call. | TPP
8 | x-customer-user-agent | Should be sent when the customer is actively present. | TPP
9 | AccountSubType | Supported for all account subtypes: CurrentAccount, Savings, CreditCard, Finance, Mortgage. | LFI
06 Endpoint: Get Beneficiaries
GET /accounts/{AccountId}/beneficiaries

# | Field | Rule | Validated by
1 | Authorization | Must contain a valid Bearer access token bound to an Authorized consent. | API Hub
2 | URL version | Must match the consent version. | API Hub
3 | consent.Permissions | The consent must include ReadBeneficiariesBasic or ReadBeneficiariesDetail. | API Hub
4 | AccountId | Must be a valid account ID shared by the customer — i.e. returned by GET /accounts under the same consent. See Account Access Validation for the response when the customer does not hold the account. | LFI
5 | x-fapi-interaction-id | Should be a valid UUID (RFC 4122). | N/A
6 | x-fapi-auth-date | Must be sent when the customer is authenticated at the time of the call. | TPP
7 | x-fapi-customer-ip-address | Must be sent when the customer is actively present at the time of the call. | TPP
8 | x-customer-user-agent | Should be sent when the customer is actively present. | TPP
9 | AccountSubType | Only supported for CurrentAccount and Savings accounts. Not available for CreditCard, Finance, or Mortgage accounts. | LFI
07 Endpoint: Get Direct Debits
GET /accounts/{AccountId}/direct-debits

# | Field | Rule | Validated by
1 | Authorization | Must contain a valid Bearer access token bound to an Authorized consent. | API Hub
2 | URL version | Must match the consent version. | API Hub
3 | consent.Permissions | The consent must include ReadDirectDebits. | API Hub
4 | AccountId | Must be a valid account ID shared by the customer — i.e. returned by GET /accounts under the same consent. See Account Access Validation for the response when the customer does not hold the account. | LFI
5 | x-fapi-interaction-id | Should be a valid UUID (RFC 4122). | N/A
6 | x-fapi-auth-date | Must be sent when the customer is authenticated at the time of the call. | TPP
7 | x-fapi-customer-ip-address | Must be sent when the customer is actively present at the time of the call. | TPP
8 | x-customer-user-agent | Should be sent when the customer is actively present. | TPP
9 | AccountSubType | Only supported for CurrentAccount and Savings accounts. | LFI
08 Endpoint: Get Product
GET /accounts/{AccountId}/product

# | Field | Rule | Validated by
1 | Authorization | Must contain a valid Bearer access token bound to an Authorized consent. | API Hub
2 | URL version | Must match the consent version. | API Hub
3 | consent.Permissions | The consent must include ReadProduct. ReadProductFinanceRates is required for finance rate data to be included in the response, and is only available to TPPs holding the Access Encrypted Resource Data certification — see Consent Creation. | API Hub
4 | AccountId | Must be a valid account ID shared by the customer — i.e. returned by GET /accounts under the same consent. See Account Access Validation for the response when the customer does not hold the account. | LFI
5 | Customer-present session | When the consent includes ReadProductFinanceRates, the TPP MUST only call this endpoint from an active customer-facing session — the customer must be using the TPP application at the time of the call. Background or scheduled calls are not permitted on a consent that carries ReadProductFinanceRates, because the encrypted-rate flow requires the customer to receive and enter the one-time code in real time. Consequently x-fapi-customer-ip-address and x-fapi-auth-date MUST be set on every such call. | TPP
6 | x-fapi-interaction-id | Should be a valid UUID (RFC 4122). | N/A
7 | x-fapi-auth-date | Must be sent when the customer is authenticated at the time of the call. MUST be sent on every call when the consent carries ReadProductFinanceRates, because such calls are always customer-present. | TPP
8 | x-fapi-customer-ip-address | Must be sent when the customer is actively present at the time of the call. MUST be sent on every call when the consent carries ReadProductFinanceRates, because such calls are always customer-present. | TPP
9 | x-customer-user-agent | Should be sent when the customer is actively present. | TPP
10 | AccountSubType | Supported for all account subtypes. | LFI
11 | FinanceRates — key request | If FinanceRates is returned as a JWE, the TPP must prompt the User to enter the encryption key delivered to them by the LFI (e.g. via SMS or push notification) before decryption can proceed. | TPP
12 | FinanceRates — local decryption | Decryption of the JWE must be performed locally on the User's device. The decrypted data must not be transmitted to the TPP's servers or persisted in any storage accessible to the TPP's application. | TPP
13 | FinanceRates — data usage | The decrypted data must only be used to display the rates to the User within the active session. The TPP must not store, transmit, or otherwise process the unencrypted data. | TPP
14 | FinanceRates — expiry | The TPP must observe the exp value in the JWE header and discard any decrypted data once the expiry threshold has passed. If the data is still required, the TPP must repeat the API operation to retrieve a fresh response — the original consent must still be valid for this to succeed. | TPP
15 | FinanceRates — session discard | The TPP must discard all decrypted data from memory when the User closes their session, regardless of whether exp has been reached. | TPP
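The TPP-side handling of rows 5 and 11 to 15 above as an added example (not Nebras, API Hub or LFI code): refusing to build a background call on a consent that carries ReadProductFinanceRates, reading exp from the JWE protected header without decrypting, and keeping the decrypted rates only in process memory until exp passes or the session closes. Real JWE decryption is delegated to a caller-supplied function (a JOSE library in practice); make_sample_jwe and demo_decrypt exist only to exercise the constructed sample token, whose ciphertext slot holds the plaintext, and the dir/A256GCM header values and the six-digit code are illustrative assumptions.

```python
"""Client-side lifecycle for an encrypted FinanceRates JWE (added example, not Nebras or
LFI code). The JWE decryption itself is a caller-supplied function; demo_decrypt only
serves the constructed sample token and is not real decryption."""
import base64
import json


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def jwe_protected_header(jwe_compact):
    """Parse the protected header of a compact JWE (five dot-separated parts) without decrypting."""
    parts = jwe_compact.split(".")
    if len(parts) != 5:
        raise ValueError("not a compact-serialised JWE")
    return json.loads(b64url_decode(parts[0]))


def product_call_headers(consent_permissions, customer_ip, auth_date):
    """Customer-context headers for GET /accounts/{AccountId}/product.

    Row 5: a consent carrying ReadProductFinanceRates may only be used from a
    customer-present session, so both headers are mandatory in that case."""
    if "ReadProductFinanceRates" in consent_permissions and not (customer_ip and auth_date):
        raise ValueError("ReadProductFinanceRates consent: call only from a customer-present session")
    headers = {}
    if auth_date:
        headers["x-fapi-auth-date"] = auth_date
    if customer_ip:
        headers["x-fapi-customer-ip-address"] = customer_ip
    return headers


class FinanceRatesView:
    """Holds decrypted rates in process memory for one session; nothing is written to storage."""

    def __init__(self, jwe_compact, decrypt, clock):
        self._jwe = jwe_compact
        self._decrypt = decrypt
        self._clock = clock  # callable returning Unix seconds, injectable for testing
        self._exp = int(jwe_protected_header(jwe_compact)["exp"])  # row 14: exp in the JWE header
        self._rates = None

    def unlock(self, user_entered_key):
        """Rows 11 and 12: decrypt locally with the key the user typed in after the LFI delivered it."""
        if self._clock() >= self._exp:
            raise ValueError("JWE already expired; repeat the API call for a fresh response")
        self._rates = self._decrypt(self._jwe, user_entered_key)

    def rates(self):
        """Rates for display, or None once exp has passed (row 14) or the session closed (row 15)."""
        if self._rates is not None and self._clock() >= self._exp:
            self.close()
        return self._rates

    def close(self):
        """Row 15: drop the cleartext when the user closes the session."""
        self._rates = None


# Constructed sample: the protected header carries exp and the ciphertext slot holds the
# plaintext JSON so demo_decrypt can stand in for real JWE decryption. Demo only.
SAMPLE_RATES = {"FinanceRates": [{"Type": "Fixed", "Rate": "3.99"}]}


def make_sample_jwe(exp, rates=SAMPLE_RATES):
    header = b64url_encode(json.dumps({"alg": "dir", "enc": "A256GCM", "exp": exp}).encode())
    return ".".join([header, "", "iv", b64url_encode(json.dumps(rates).encode()), "tag"])


def demo_decrypt(jwe_compact, key):
    if key != "123456":  # the one-time code the user would enter
        raise ValueError("wrong key")
    return json.loads(b64url_decode(jwe_compact.split(".")[3]))
```

With a real token, `decrypt` would be a function wrapping the JOSE library's JWE decryption with the user-entered key; the view never calls it before the user has typed the key and never keeps the result past `exp` or `close()`.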
09 Endpoint: Get Scheduled Payments
GET /accounts/{AccountId}/scheduled-payments

# | Field | Rule | Validated by
1 | Authorization | Must contain a valid Bearer access token bound to an Authorized consent. | API Hub
2 | URL version | Must match the consent version. | API Hub
3 | consent.Permissions | The consent must include ReadScheduledPaymentsBasic or ReadScheduledPaymentsDetail. | API Hub
4 | AccountId | Must be a valid account ID shared by the customer — i.e. returned by GET /accounts under the same consent. See Account Access Validation for the response when the customer does not hold the account. | LFI
5 | x-fapi-interaction-id | Should be a valid UUID (RFC 4122). | N/A
6 | x-fapi-auth-date | Must be sent when the customer is authenticated at the time of the call. | TPP
7 | x-fapi-customer-ip-address | Must be sent when the customer is actively present at the time of the call. | TPP
8 | x-customer-user-agent | Should be sent when the customer is actively present. | TPP
9 | AccountSubType | Only supported for CurrentAccount and Savings accounts. | LFI
10 Endpoint: Get Standing Orders
GET /accounts/{AccountId}/standing-orders

# | Field | Rule | Validated by
1 | Authorization | Must contain a valid Bearer access token bound to an Authorized consent. | API Hub
2 | URL version | Must match the consent version. | API Hub
3 | consent.Permissions | The consent must include ReadStandingOrdersBasic or ReadStandingOrdersDetail. | API Hub
4 | AccountId | Must be a valid account ID shared by the customer — i.e. returned by GET /accounts under the same consent. See Account Access Validation for the response when the customer does not hold the account. | LFI
5 | x-fapi-interaction-id | Should be a valid UUID (RFC 4122). | N/A
6 | x-fapi-auth-date | Must be sent when the customer is authenticated at the time of the call. | TPP
7 | x-fapi-customer-ip-address | Must be sent when the customer is actively present at the time of the call. | TPP
8 | x-customer-user-agent | Should be sent when the customer is actively present. | TPP
9 | AccountSubType | Only supported for CurrentAccount and Savings accounts. | LFI
11 Endpoint: Get Transactions
GET /accounts/{AccountId}/transactions

# | Field | Rule | Validated by
1 | Authorization | Must contain a valid Bearer access token bound to an Authorized consent. | API Hub
2 | URL version | Must match the consent version. | API Hub
3 | consent.Permissions | The consent must include ReadTransactionsBasic or ReadTransactionsDetail. ReadFXTransactionsBasic, ReadFXTransactionsDetail, or ReadFXRemittanceCharges are required for FX transaction data to be included. | API Hub
4 | AccountId | Must be a valid account ID shared by the customer — i.e. returned by GET /accounts under the same consent. See Account Access Validation for the response when the customer does not hold the account. | LFI
5 | fromBookingDateTime | If provided, must be a valid ISO 8601 date-time (time component optional, defaults to 00:00:00) and must not be after toBookingDateTime. A contradictory range is rejected with 400 Resource.InvalidFormat. Any timezone offset is ignored when filtering. | API Hub
6 | toBookingDateTime | If provided, must be a valid ISO 8601 date-time (time component optional, defaults to 00:00:00) and must not be in the future. A future toBookingDateTime is rejected with 400 Resource.InvalidFormat. Any timezone offset is ignored when filtering. | API Hub
7 | x-fapi-interaction-id | Should be a valid UUID (RFC 4122). | N/A
8 | x-fapi-auth-date | Must be sent when the customer is authenticated at the time of the call. | TPP
9 | x-fapi-customer-ip-address | Must be sent when the customer is actively present at the time of the call. | TPP
10 | x-customer-user-agent | Should be sent when the customer is actively present. | TPP
11 | AccountSubType | Supported for all account subtypes. | LFI
12 Endpoint: Get Statements
GET /accounts/{AccountId}/statements

# | Field | Rule | Validated by
1 | Authorization | Must contain a valid Bearer access token bound to an Authorized consent. | API Hub
2 | URL version | Must match the consent version. | API Hub
3 | consent.Permissions | The consent must include ReadStatements. | API Hub
4 | AccountId | Must be a valid account ID shared by the customer — i.e. returned by GET /accounts under the same consent. See Account Access Validation for the response when the customer does not hold the account. | LFI
5 | fromStatementDate | If provided, must be a valid ISO 8601 date and must not be after toStatementDate. A contradictory range is rejected with 400 Resource.InvalidFormat. Filtering is open-ended if not provided. | API Hub
6 | toStatementDate | If provided, must be a valid ISO 8601 date and must not be in the future. A future toStatementDate is rejected with 400 Resource.InvalidFormat. Filtering is open-ended if not provided. | API Hub
7 | x-fapi-interaction-id | Should be a valid UUID (RFC 4122). | N/A
8 | x-fapi-auth-date | Must be sent when the customer is authenticated at the time of the call. | TPP
9 | x-fapi-customer-ip-address | Must be sent when the customer is actively present at the time of the call. | TPP
10 | x-customer-user-agent | Should be sent when the customer is actively present. | TPP
11 | AccountSubType | Supported for all account subtypes. | LFI
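The date-filter rules of this table (fromStatementDate, toStatementDate) and of the Get Transactions table (fromBookingDateTime, toBookingDateTime) as one added example, not API Hub code. The validated range is then applied to a constructed transaction list to show two consequences a TPP can miss: a date-only bound defaults to 00:00:00, so a "to" date excludes that day's later bookings, and the offset is ignored, so a "to" value that is in the past in UTC can still be rejected as future. Inclusive bounds and the fixed server clock are assumptions; the page does not state bound inclusivity.

```python
"""Validation of the date filters on GET .../transactions and GET .../statements, and the
filter applied to a constructed transaction list (added example, not API Hub code).
Bounds are treated as inclusive, which the page does not state."""
from datetime import date, datetime

INVALID_FORMAT = (400, "Resource.InvalidFormat")


def parse_bound(value, date_only):
    """ISO 8601 value; a missing time defaults to 00:00:00 and any offset is dropped."""
    if date_only:
        return date.fromisoformat(value)
    parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return parsed.replace(tzinfo=None)  # offset ignored when filtering, as the page states


def validate_range(from_value, to_value, now, date_only=False):
    """Return (status, errorCode) when the filter must be rejected, else None.

    `now` is a naive datetime for the transactions endpoint or a date for statements."""
    try:
        frm = parse_bound(from_value, date_only) if from_value else None
        to = parse_bound(to_value, date_only) if to_value else None
    except ValueError:
        return INVALID_FORMAT
    if to is not None and to > now:
        return INVALID_FORMAT  # the upper bound may not be in the future
    if frm is not None and to is not None and frm > to:
        return INVALID_FORMAT  # contradictory range
    return None


def filter_transactions(transactions, from_value, to_value):
    """Apply an already validated range; open-ended on whichever side is absent."""
    frm = parse_bound(from_value, False) if from_value else None
    to = parse_bound(to_value, False) if to_value else None
    kept = []
    for tx in transactions:
        booked = parse_bound(tx["BookingDateTime"], False)
        if (frm is None or booked >= frm) and (to is None or booked <= to):
            kept.append(tx["TransactionId"])
    return kept


# Constructed sample; the server clock is fixed so the results are reproducible.
NOW = datetime(2025, 3, 1, 9, 0, 0)
SAMPLE_TRANSACTIONS = [
    {"TransactionId": "t1", "BookingDateTime": "2025-02-09T15:30:00+04:00"},
    {"TransactionId": "t2", "BookingDateTime": "2025-02-10T00:00:00Z"},
    {"TransactionId": "t3", "BookingDateTime": "2025-02-10T09:00:00Z"},
]
```

A TPP that wants "everything booked on 10 February" therefore has to send toBookingDateTime as 2025-02-10T23:59:59 rather than 2025-02-10, and should build "to" values from the server's notion of current time rather than from a local offset.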
13 Endpoint: Get Account Parties
GET /accounts/{AccountId}/parties

# | Field | Rule | Validated by
1 | Authorization | Must contain a valid Bearer access token bound to an Authorized consent. | API Hub
2 | URL version | Must match the consent version. | API Hub
3 | consent.Permissions | The consent must include ReadParty, ReadPartyUser, or ReadPartyUserIdentity. | API Hub
4 | AccountId | Must be a valid account ID shared by the customer — i.e. returned by GET /accounts under the same consent. See Account Access Validation for the response when the customer does not hold the account. | LFI
5 | x-fapi-interaction-id | Should be a valid UUID (RFC 4122). | N/A
6 | x-fapi-auth-date | Must be sent when the customer is authenticated at the time of the call. | TPP
7 | x-fapi-customer-ip-address | Must be sent when the customer is actively present at the time of the call. | TPP
8 | x-customer-user-agent | Should be sent when the customer is actively present. | TPP
9 | AccountSubType | Supported for all account subtypes. | LFI
14 Endpoint: Get Parties
GET /parties

# | Field | Rule | Validated by
1 | Authorization | Must contain a valid Bearer access token bound to an Authorized consent. | API Hub
2 | URL version | Must match the consent version. | API Hub
3 | consent.Permissions | The consent must include ReadParty, ReadPartyUser, or ReadPartyUserIdentity. | API Hub
4 | x-fapi-interaction-id | Should be a valid UUID (RFC 4122). | N/A
5 | x-fapi-auth-date | Must be sent when the customer is authenticated at the time of the call. | TPP
6 | x-fapi-customer-ip-address | Must be sent when the customer is actively present at the time of the call. | TPP
7 | x-customer-user-agent | Should be sent when the customer is actively present. | TPP
8 | AccountSubType | Supported for all account subtypes. | LFI
15 Section: Account Access Validation

Scenario | Response
AccountId is not held by the customer who authorized the consent | 403 with errorCode: Consent.PermanentAccountAccessFailure and errorMessage: The account is permanently inaccessible.

16 Section: Account Status Handling

Status | Response
Active, Inactive, Dormant | Data is returned normally.
Suspended | 403 with errorCode: Consent.AccountTemporarilyBlocked and errorMessage: The account is temporarily blocked.
Unclaimed, Deceased, Closed | 403 with errorCode: Consent.PermanentAccountAccessFailure and errorMessage: The account is permanently inaccessible.